CVE-2015-0837
29.11.2019, 22:15
The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| gnupg | gnupg | 𝑥 < 1.4.19 |
| gnupg | libgcrypt | 𝑥 < 1.6.3 |
| debian | debian_linux | 7.0 |
| debian | debian_linux | 8.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| gnupg |
| ||||||||
| libgcrypt11 |
| ||||||||
| libgcrypt20 |
|
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| libgcrypt-devel |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
| libgcrypt20 |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
| libgcrypt20-32bit |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
| libgcrypt20-hmac |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
| libgcrypt20-hmac-32bit |
|
References